| login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ | 104.21.48.209 | 403 Forbidden | 7.7 kB |
URL (user request, GET HTTP/1.1): login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
IP: 104.21.48.209:80
File type: HTML document, ASCII text, with very long lines (17483), with no line terminators
Hash: MD5 f31c024c5769f2456bcc6583582e0c58 / SHA-1 9b13618c409ffe311fb754c88e561e017330d7b6 / SHA-256 71eb9583d4da1e23fc17dc92ffbfb6bf9a57fb8f118b211892813304d6d71ce2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 21:15:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: zV42AH1kudk5IqsDadur8mDVsaaLD2Y6ytyI9EbdIzqf5DfnFvDzmt29qlJfbRFMHAUymOHuDpUBK1Dwh7a1eU3nVZEnNdYYXqays5HCh/M=$tkAVI8h/c/qXYzAsc5qLGQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBeCVg6ripm1Yz3E051RHzIbqYZONJ7%2FgCNZyhcRIDLJIYWRSJL86VG8hqhTHx3lEcNDayd9j7vTrgzY5sl23WTmsTBZcRDCSpPBqDtT7GJrykTWOSPLTBSX5AQ2UeZd%2F7fe2Nxv2otWRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c767548440b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c767548440b59 | 172.67.137.117 | | 112 kB |
URL: login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c767548440b59
IP: 172.67.137.117:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111595 bytes)
Hash: MD5 2fd536d1ae8de2d975f68324bca2a2ef / SHA-1 8f5c16b51060a9f3799fc7f1f70cf546b762f0d9 / SHA-256 1bc8e4e92b741b57e30a3a23912bd1acff4c4ac885060b23149a3c3c0e4ca46a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c767548440b59 HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=ZdQCc.E5Fb_JtXjjVbmbcRAXdCK.R2dbRapG50iJ6gw-1715202901-0.0.1.1-2709
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:15:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6VRBGgXmN%2FUYjQDSXgCnrQM4xESht8rS%2BAXT3ysRzXhXEGYiAhk2PKP0%2B2dK1Sl5SUnV9qEr2Nd9WEBcGSR8yc318h7jg6bXmj%2FI5CcMZf2Ov1m%2FDjUwXccN7p9%2Fzgm3MwAR7QdkqrOMTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c76778bae56af-OSL
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/favicon.ico | 172.67.137.117 | 404 Not Found | 0 B |
URL (GET HTTP/1.1): login.restore-cords.xyz/favicon.ico
IP: 172.67.137.117:80
Requested by: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=ZdQCc.E5Fb_JtXjjVbmbcRAXdCK.R2dbRapG50iJ6gw-1715202901-0.0.1.1-2709
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 21:15:01 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=htnBAycE3KFRKP3ssGwab0A2eA7vCSoyt68OlxOAuqbq%2B2rZh3V8huL0nSP1o0XVctkL0iY%2F6et5wTlWOZDmRe54rO3wfL7VPFn%2FTIT5sUSWNGP%2BUJTgNCyhH8%2BQ7kaEIpyJRh6xwsTS0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c7677ec7056af-OSL
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/1784847731:1715200256:48P-SpermGKdNu253dwkCMkwCF1i5vPjK-STS0QfBTU/880c767548440b59/2a9e9c5df680c0b | 172.67.137.117 | | 12 kB |
URL: login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/1784847731:1715200256:48P-SpermGKdNu253dwkCMkwCF1i5vPjK-STS0QfBTU/880c767548440b59/2a9e9c5df680c0b
IP: 172.67.137.117:0
File type: ASCII text, with very long lines (16224), with no line terminators
Hash: MD5 2becfe953e28a7a08ad982757f2dedb2 / SHA-1 7e6e754559b5a96c1da76cfedf9ab57bc97d8512 / SHA-256 5aed8f472ccdd2184c7f35242a7961539093aa4864f052a86842229e1deae2fa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1784847731:1715200256:48P-SpermGKdNu253dwkCMkwCF1i5vPjK-STS0QfBTU/880c767548440b59/2a9e9c5df680c0b HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2a9e9c5df680c0b
Content-Length: 2484
Origin: http://login.restore-cords.xyz
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:15:02 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: zODcnHsB0xOFDsR0C05qaUyA/fz6Ag/RBpHnMtslOISupLlSeEEJmBxba/yaKeJG$nyGC8fplIT9eEyAIWXRmVQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VhEz6ZQXJomhyTf0MMiEOkPug3errmKpruoJGatUadcCkAJjDuSmJfycgydJbyo1nw2Lyziwvh4qoBDjtDK3cBJwkumVz%2FR8sFhLB%2FN%2F9NVj8Q1YAeXSsY3bgey0YrMnEDx28IZo2MSjLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c76795b28568d-OSL
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/favicon.ico | 172.67.137.117 | 404 Not Found | 0 B |
URL (GET HTTP/1.1): login.restore-cords.xyz/favicon.ico
IP: 172.67.137.117:80
Requested by: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 21:15:02 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqTsnwj%2BPIQ%2FgztI01It3mWctVp3uUAefcSZlkejcv9TMMYJcxPHY6XXO86lCNlmFvuqeloJ4hCLiN4YrPlRldTxW3NbNvKYfDi34jBYgSnbIDSFEcY8n9Y1ukpTSycumChcpnH3leQNDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c7678e98856b5-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.2.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: MD5 9246cca8fc3c00f50035f28e9f6b7f7d / SHA-1 3aa538440f70873b574f40cd793060f53ec17a5d / SHA-256 c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/duz0a/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:02 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880c767b7ff21c02-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/779176759:1715200269:j1x4cuISEX_XqeMzhLSsu4H8BlWDbxvJXRV3ooxikTE/880c767aef3c1c02/2dafbc4a0f443a6 | 104.17.2.184 | | 100 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/779176759:1715200269:j1x4cuISEX_XqeMzhLSsu4H8BlWDbxvJXRV3ooxikTE/880c767aef3c1c02/2dafbc4a0f443a6
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 100 kB (100179 bytes)
Hash: MD5 704cd0f509a0491473ba23907df4a322 / SHA-1 70bbda1f9e9755e771072acfc4b5186f3f04e453 / SHA-256 301f3d48577f235f607afba0844e37d4eafb1e8954b366456608dd82ac6ad8e5
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/779176759:1715200269:j1x4cuISEX_XqeMzhLSsu4H8BlWDbxvJXRV3ooxikTE/880c767aef3c1c02/2dafbc4a0f443a6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/duz0a/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2dafbc4a0f443a6
Content-Length: 4063
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:02 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: rJUjWmr7Pdfm0oXY2YRb6YyCyaRxigoIHL1nAG2rslEtZTNVdKgfKviz5EmKDDZAgByWtHwHG/0EpXdvfyccbPSx4bQ0/b45pkMHm3x902/jdKZEgDUrxXryKb+UpAM6kfCfoiEHLXC5ybi48qIEsAjK94dRyHvuw7F84V8ACcdUA34L4uX1JiO74oeoc0KDIY5M8UZ5sEW0q9Yu362KBdGh/+oPYGtCJyJxbFkdr86F2dS/XAdeh+veBElMYl3rCEWPkOluY85atQdFwetp88x7XlYdsiDAzSlygv33reu9TW9CLjejDiLdD0pFLQI+xbmJLJDSWyirgoRjiaDIVD6FgTtr+ZRY7bT5Wao5rCHwQz8UCREOLIQIsMWnpO2OmQ4EQrwvUHdUDoKKdFrbW5f03DbKBY9acUw09+fv3r8=$FUdoIVMXo8PTe90aF7T1Bw==
vary: accept-encoding
server: cloudflare
cf-ray: 880c767daaf61c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/duz0a/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.2.184 | | 34 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/duz0a/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash: MD5 6dca6594e4c303d33cd4f1497551bfca / SHA-1 9b79f1559b1d42307b18e71006f0820ef4faacf2 / SHA-256 2afa5f1d0d7665f5ab157aed0509b820bfb336d66dddf885ed2e0196882c4273
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/duz0a/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:02 GMT
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
vary: accept-encoding
server: cloudflare
cf-ray: 880c767aef3c1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880c767aef3c1c02/1715202902685/9o69NxWltZUw83Q | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880c767aef3c1c02/1715202902685/9o69NxWltZUw83Q
IP: 104.17.2.184:0
File type: PNG image data, 50 x 57, 8-bit/color RGB, non-interlaced
Hash: MD5 bce572db5f65a2607a31a915d93a085b / SHA-1 9d61f275925e75eae59a226539904e26b7191a3c / SHA-256 1d791f69890a3b586dffae8eb690879079ad3d4848ebbe2d9cf49bf89fda20a5
GET /cdn-cgi/challenge-platform/h/b/i/880c767aef3c1c02/1715202902685/9o69NxWltZUw83Q HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/duz0a/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:05 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880c768d0d8f1c02-OSL
alt-svc: h3=":443"; ma=86400
| login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/1784847731:1715200256:48P-SpermGKdNu253dwkCMkwCF1i5vPjK-STS0QfBTU/880c767548440b59/2a9e9c5df680c0b | 172.67.137.117 | | 1.8 kB |
URL: login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/1784847731:1715200256:48P-SpermGKdNu253dwkCMkwCF1i5vPjK-STS0QfBTU/880c767548440b59/2a9e9c5df680c0b
IP: 172.67.137.117:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hash: MD5 be17e33347f6047978428e4b6de9fff5 / SHA-1 67f26def65dccbe88362c4e6a47b7a0d12c28d46 / SHA-256 0897dca2d5193539efc91a8a477a5da6a80c63e641ca4917ccc9e72b6b30fe8d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1784847731:1715200256:48P-SpermGKdNu253dwkCMkwCF1i5vPjK-STS0QfBTU/880c767548440b59/2a9e9c5df680c0b HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2a9e9c5df680c0b
Content-Length: 3145
Origin: http://login.restore-cords.xyz
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:15:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: sRWkvvLbPewYSX7yN3gcCA==$7mPynHQc0qffukWcTah01Q==
cf-chl-out: Fokm45nEBZz8ZXhcgU65kFGKIUCh75CL5ldA5A6pHsARnVO8UZa2S4lBtNf9SNqj6McWj+jb3XHHEqnOnF1j+mq9cO/7gQguhRdM3unL7c4=$r6Q6tPS5njsgDp+Y3okTTg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HpkiWmAzP9SGUuo00IOY%2FwSeN5zw1j8R2QwNJuCjOs6PlUzKqrpypsCUNi8tC8zFtd%2FpQPbWnIae6p1M2xu84AHsYhlBOHc4xqUu5lh0SM1TH7i2PNMlsBXXJxVcDSJlcW2FuS1fXhKksA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c76b819a056af-OSL
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ | 172.67.137.117 | 403 Forbidden | 7.7 kB |
URL (user request, GET HTTP/1.1): login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
IP: 172.67.137.117:80
File type: HTML document, ASCII text, with very long lines (17504), with no line terminators
Hash: MD5 ace5bd1c46d8871721862f8d2a700f0f / SHA-1 116054557bd60fcd8f32c55e7da67e733bedccce / SHA-256 d6d358f059923f6655cb888373edce36f06f6aa65787de422e365f90325eb2eb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 21:15:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 0ucUb7enQPSjRFxW+yUh0qTZ35Yb6mJZZYP0w7r9vANEpMoi5BamEGGV6emVceynUbwwSyxVQosJdD2/oO7sWGnPvaaGgQQIjBv2ASnRG3w=$uy1U/A9pMciW5bt1B/5ZuQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dBMMR3YbyPoWSuQ16%2BwaCUi7GIBbdAEa3AYNRg8SjjO%2B5qu8Bsrl5FnQFXHCNdJzd76vo78JuP%2BJve3Y5RucNNQjGcwfdsSwElWb4Z%2BJtNDl1qA7yVOfl6khFtQBfyk2q1WoGZWLmU8vxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c76c50ced56af-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c76c50ced56af | 172.67.137.117 | 200 OK | 114 kB |
URL (GET HTTP/1.1): login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c76c50ced56af
IP: 172.67.137.117:80
Requested by: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 114 kB (114404 bytes)
Hash: MD5 926c662ecdf51693f17de6112641c270 / SHA-1 8889dc9443b7dc59283d0dbe1adf4b296b697fee / SHA-256 a12d0c27240c096e63f2127eaa7de0a81551ffbf1787a09e3b560e88bfabd9ae
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c76c50ced56af HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=dcz0XtCVtHU.01BvCfQ0RXXqxz2uUquPucA8NTuE.3Y-1715202914-0.0.1.1-2709
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:15:14 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyih3ROwXH6zMMBwW3OAO0vQqeW4uV8hlqKrSc2f9%2FN2KF66tjlQjmKxKYYjkq%2BTs8cRHfHkfcQU%2FB3u5a20lZvI6km2iyC94W4x5E0x5brK6B80jLfSmy6yOryTwz6sHG2NkP25x8EWdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c76c57b9c568d-OSL
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/favicon.ico | 172.67.137.117 | 404 Not Found | 0 B |
URL (GET HTTP/1.1): login.restore-cords.xyz/favicon.ico
IP: 172.67.137.117:80
Requested by: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=dcz0XtCVtHU.01BvCfQ0RXXqxz2uUquPucA8NTuE.3Y-1715202914-0.0.1.1-2709
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 21:15:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 12
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVyh%2F%2BFqK3kyVmNWetGRbPWqv1Z0q1DFfVTeB2CtEZOPnAYn82VGCKjscTIP8GpzcOQbJotR1qOpPwaNtvzhcRwyN4tvdlBQYflaaBCS%2BYgQ0QXn%2BuNP82wV%2F4ibS1X1z%2FFaUVt6mjCZJw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c76c5cc14568d-OSL
alt-svc: h2=":443"; ma=60
| login.restore-cords.xyz/favicon.ico | 172.67.137.117 | 404 Not Found | 0 B |
URL GET HTTP/1.1 login.restore-cords.xyz/favicon.ico IP 172.67.137.117:80
Requested by http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Hash (MD5 / SHA-1 / SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 21:15:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 12
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NGOy2MMJfDNPy3WL4BDMEu6ts8aNwrEgBlpXhugtu%2BU0n%2F9pnMKN2YC1yq%2F6GYd8KFul7gHb7wm9GtqoowYl2qS0pDOAgbCaUtfx5V4Tho9e8E2SNntT1jcrfG%2BnYSIgj1SKkgnoNQNg9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c76c62ca0568d-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.2.184 | 200 OK | 27 kB |
URL GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit IP 104.17.2.184:443
Requested by http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (42565)
Hash (MD5 / SHA-1 / SHA-256) a5b92920e25651d2058f4982a108347b caeeadd68d38fdb681c52006c68880abc2e8a1a6 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://login.restore-cords.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:14 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c76c63b071c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fufpw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.2.184 | 200 OK | 26 kB |
URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fufpw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal IP 104.17.2.184:443
Requested by http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256) e32db944c6472f5ff47900502144cbfd 82b7dc6c2b68bdb884a6183b3293df4451e2c472 f1cc3c2c38260341677674abb88467b4f76d777732b6850fc2a9057abeb8bdef
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fufpw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:14 GMT
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
document-policy: js-profiling
cross-origin-embedder-policy: require-corp
vary: accept-encoding
server: cloudflare
cf-ray: 880c76c7dcad1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880c76c7dcad1c02/1715202914982/2WtPXRnbUL7s2S- | 104.17.2.184 | | 61 B |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880c76c7dcad1c02/1715202914982/2WtPXRnbUL7s2S- IP 104.17.2.184:0
File type PNG image data, 79 x 58, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256) 0b3378d6e617e7a24e27a2d31de747f6 6706b338d41322ab4b2b5600e4e2777b14fc57d4 87c252e856fc416d9db13e80efe6f683e18e867cc3a3ac1ad1b1b8a04fc20fd3
GET /cdn-cgi/challenge-platform/h/b/i/880c76c7dcad1c02/1715202914982/2WtPXRnbUL7s2S- HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fufpw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:15:17 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880c76da693b1c02-OSL
alt-svc: h3=":443"; ma=86400
| login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/145434998:1715200292:K1-ASH0UHVDQtCdzmjrm2D0H4cq_pMqmnSe2zC58_Wk/880c76c50ced56af/07ba969d64f84c8 | 172.67.137.117 | 200 OK | 1.8 kB |
URL POST HTTP/1.1 login.restore-cords.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/145434998:1715200292:K1-ASH0UHVDQtCdzmjrm2D0H4cq_pMqmnSe2zC58_Wk/880c76c50ced56af/07ba969d64f84c8 IP 172.67.137.117:80
Requested by http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
File type ASCII text, with very long lines (2328), with no line terminators
Hash (MD5 / SHA-1 / SHA-256) be2fc0f2c93c82885485f18d5373643b 027fbe9c1807e2c2254fed6b453839438137101f e1096e72cf59816c43ccfd3cc2dafbd8bc4fbb6aa22fb9cb330eaecda0831145
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/145434998:1715200292:K1-ASH0UHVDQtCdzmjrm2D0H4cq_pMqmnSe2zC58_Wk/880c76c50ced56af/07ba969d64f84c8 HTTP/1.1
Host: login.restore-cords.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restore-cords.xyz/login?redirect_to=/oauth2/authorize?client_id=1237336682466906134&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=9AjbJZDbIVWdNhkW5ljMZRXVtNmdSNzYspkbMVHbyold41WS2kUaiBnRXJmdS1WSzl0UNVTVDJFNVlmU1U1QNdkVD1UeVN0T4l0aNxWQq1EbjxmUUVzaJZTSTpFdG1mYpd3UNVTSE1EejpWT3lEVOh3YU1kNJl3YspEWhdHaYpVa3lWSw0EVNJTQU9kMZRkT5dmaOJTT610MNpWT4lUaPlWUXNFM1clWwhnMZl2dplEMrRlT0MGRNJTTE1ENjRUT4tmeOFTTU1UavpWSrxWRaNHbXRmbKlXZ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 07ba969d64f84c8
Content-Length: 3155
Origin: http://login.restore-cords.xyz
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:15:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: OL78+6gx0ACZ6qR+KQhIwA==$slgZKTO04CiBcuIw8kc+0g==
cf-chl-out: IZUuvtCrZgku66ntVizswhG/nHHSmmhZ9Bwh+Z0U1om3z86mkQJh96dOEhVNCE2iolozt3Fs5XJWVuguG0JRBw67cDyIjHGszudKQS/cUac=$eYZsQf/yJfaqqXb0Pj+NIw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mMvTAceWSAdQulZneTON%2BQl28m0O6C0qC%2FtP6K3QcV5g1S9bUcq9X%2FFQ1d%2BWngNJY8FQ%2BX0zbZjyrwk6gJpj%2F4y11zZjCzk3ZCdU8tPUFClK17SPP2NI%2BQ4YBR6LxHCPM9jXw1mGGhF5A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c76f89ae4568d-OSL
alt-svc: h2=":443"; ma=60